Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- Adoption call (2/4/2022 to 2/18/2022)
Aijun Wang <wangaijun@tsinghua.org.cn> Tue, 22 February 2022 13:14 UTC
Return-Path: <wangaijun@tsinghua.org.cn>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 508B93A1147 for <idr@ietfa.amsl.com>; Tue, 22 Feb 2022 05:14:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QaM7KmRmS70m for <idr@ietfa.amsl.com>; Tue, 22 Feb 2022 05:14:47 -0800 (PST)
Received: from mail-m17638.qiye.163.com (mail-m17638.qiye.163.com [59.111.176.38]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6D913A1144 for <idr@ietf.org>; Tue, 22 Feb 2022 05:14:42 -0800 (PST)
Received: from smtpclient.apple (unknown [106.121.9.179]) by mail-m17638.qiye.163.com (Hmail) with ESMTPA id C3C791C05EC; Tue, 22 Feb 2022 21:14:40 +0800 (CST)
Content-Type: multipart/alternative; boundary="Apple-Mail-7DE21EB3-9359-41E7-A439-5772AA8B670B"
Content-Transfer-Encoding: 7bit
From: Aijun Wang <wangaijun@tsinghua.org.cn>
Mime-Version: 1.0 (1.0)
Date: Tue, 22 Feb 2022 21:14:39 +0800
Message-Id: <DD09DA30-D081-4152-9D5D-4BC1E0320C0A@tsinghua.org.cn>
References: <20220222124332.GX15589@pfrc.org>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, idr@ietf.org, "UTTARO, JAMES" <ju1738@att.com>, Sue Hares <shares@ndzh.com>, Robert Raszuk <robert@raszuk.net>, lizhenqiang@chinamobile.com
In-Reply-To: <20220222124332.GX15589@pfrc.org>
To: Jeffrey Haas <jhaas@pfrc.org>
X-Mailer: iPhone Mail (19C63)
X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZCBgUCR5ZQVlLVUtZV1 kWDxoPAgseWUFZKDYvK1lXWShZQUpMS0tKN1dZLVlBSVdZDwkaFQgSH1lBWRlNTh5WGk9KHxoYHU 4dGEkdVRMBExYaEhckFA4PWVdZFhoPEhUdFFlBWVVLWQY+
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Ok06FAw5DD4BPAMZDB0NCRwP IhkKCjpVSlVKTU9OTkhOTUNKSUhOVTMWGhIXVQwaFRwaEhEOFTsPCBIVHBMOGlUUCRxVGBVFWVdZ EgtZQVlKS01VSklKVUJVSkxCWVdZCAFZQUNCSkI3Bg++
X-HM-Tid: 0a7f2191d926d993kuwsc3c791c05ec
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/gHZho4E7coHWtAsswmxiJ4Mg6GM>
Subject: Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- Adoption call (2/4/2022 to 2/18/2022)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2022 13:14:51 -0000
Hi, Jeffrey: I think there are some misunderstanding about the VPN Prefix ORF mechanism. As stated in https://datatracker.ietf.org/doc/html/draft-wang-idr-vpn-prefix-orf-01#section-4.1.1, once the threshold is reached(for example, 80% of the max routes in one VRF), the PE will begin to monitor the upcoming VPN routes. And, as you assumed, if in such time, the 850k routes are coming to this PE from the RR. The PE will trigger and send out the VPN Prefixes ORF mechanism upon it receives the 20% of the VRF routes limits. This value will be far less than your 850k.(We call this time is T1) When the RR receives such messages, it will act immediately the filter.(We call this time is T2). The most part of the 850k routes will be filtered at the RR, thus release the PE to parse all of them. The only passed routes are carried within the BGP Updates from T1 to T2. These are also the routes that should be withdrawn from the PE. Its value will also be far less than the 850k. It won’t also require the local discard of 850k routes. Isn’t this the value of ORF mechanism? We have stated several times that local discard doesn’t release the PE from processing the overwhelmed routes. Aijun Wang China Telecom > 在 2022年2月22日,20:44,Jeffrey Haas <jhaas@pfrc.org> 写道: > > Gyan, > > On Mon, Feb 21, 2022 at 10:42:23PM -0500, Gyan Mishra wrote: >>> And that's throwing out the routes locally anyway. >>> >> >> Gyan> The RD ORF is a method of locally mitigating no different then >> applying a local filter to block the source RD route leak, but I agree you >> avoid the 850k withdrawal message processing, however the local filter >> requires manual intervention. I think it would be difficult to automate >> a local protection mechanism. > > Are you making the assumption that your trigger mechanism couldn't simply > cause your implementation to discard routes? > > If so... that's weird. > > A prefix-limit can certainly just start discarding routes that are out of > bounds. Consider Juniper's "drop-excess": > > https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/ref/statement/prefix-limit-edit-protocols-bgp.html > > I typically do not recommend customers rely on this form of the > configuration. It leads to less than deterministic behaviors and has the > issues of forwarding problems when more specific prefixes are being discarded > in the presence of less specific ones. > > But much like the problem statement in your I-D, sometimes it's necessary. > > -- Jeff > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr
- [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- Adopt… Susan Hares
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wei Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Acee Lindem (acee)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… John E Drake
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Zhuangshunwan
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… lizhenqiang@chinamobile.com
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… lizhenqiang@chinamobile.com
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jakob Heitz (jheitz)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jakob Heitz (jheitz)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jakob Heitz (jheitz)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wanghaibo (Rainsword)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wanghaibo (Rainsword)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Huaimo Chen
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Dongjie (Jimmy)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Linda Dunbar
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wubo (lana)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wanghaibo (Rainsword)
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… UTTARO, JAMES
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gyan Mishra
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Nick Hilliard
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Nick Hilliard
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wei Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Gert Doering
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Nick Hilliard
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Nick Hilliard
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Nick Hilliard
- [Idr] A reminder about civility during WG discuss… Jeffrey Haas
- Re: [Idr] A reminder about civility during WG dis… Vladimir B.
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Wei Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Aijun Wang
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Robert Raszuk
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Jeffrey Haas
- Re: [Idr] draft-wang-idr-vpn-prefix-orf-00.txt- A… Susan Hares